Sodinokibi Crypto Ransomware Switches from Bitcoin to Monero to Hide Money Trail
A ransomware strain — malware that encrypts a victim's data and demands a ransom to restore access to it — has switched from Bitcoin (BTC) to Monero (XMR) to better protect its operators' identities.
According to an April 11 report by cybersecurity news outlet BleepingComputer, using Monero will make it harder for law enforcement to track ransom payments to the hackers behind Sodinokibi (also known as REvil). As the article mentions, Europol strategy analyst Jerek Jakubcek explained during a February webinar how privacy coins (so-called anoncoins) affect criminal investigations:
“Since the suspect used a combination of TOR and privacy coins, we could not trace the funds. We could not trace the IP addresses. Which means, we hit the end of the road. Whatever happened on the Bitcoin blockchain was visible and that’s why we were able to get reasonably far. But with Monero blockchain, that was the point where the investigation has ended. So this is a classical example of one of several cases we had where the suspect decided to move funds from Bitcoin or Ethereum to Monero.”
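To make the difference Jakubcek describes concrete, here is an added illustration that is not from the article, from Europol, or from any real chain-analysis tool. It models a Bitcoin-style UTXO ledger, where every spend names exactly which earlier output it consumes, and walks forward from a ransom address hop by hop; it then models a Monero-style ledger, where each input is a ring of possible outputs with only one really spent, so the same walk yields only candidate outputs with shrinking confidence. All transaction IDs, addresses, output names and amounts are constructed for the example.

```python
"""Toy chain-analysis example (added for illustration; not code from the article,
Europol, or any real blockchain-analysis product).

Part 1: a UTXO ledger in the Bitcoin style. Each input points at one specific
earlier output (txid, vout), so an analyst can follow tainted funds forward
deterministically.

Part 2: a ring-signature ledger in the Monero style. Each input is a ring of
outputs, exactly one of which is really spent; the rest are decoys. Stealth
addresses and RingCT additionally hide recipients and amounts, so outputs here
carry no address or amount at all. The same forward walk can only produce a
candidate set with a confidence score, never a confirmed path.
"""
from collections import deque

# Constructed sample ledger. Amounts are integer units; txids/addresses are made up.
BTC_LEDGER = {
    "tx1": {"inputs": [], "outputs": [("victim_addr", 100)]},                 # seed funds
    "tx2": {"inputs": [("tx1", 0)], "outputs": [("ransom_addr", 100)]},       # victim pays ransom
    "tx3": {"inputs": [("tx2", 0)], "outputs": [("mixer_in", 60), ("ransom_change", 40)]},
    "tx4": {"inputs": [("tx3", 0)], "outputs": [("exchange_deposit", 59)]},   # 1 unit paid as fee
    "tx5": {"inputs": [("tx3", 1)], "outputs": [("cold_wallet", 40)]},
    "tx6": {"inputs": [], "outputs": [("unrelated", 5)]},                     # never touches the ransom
}


def trace_forward(ledger, start_address):
    """Follow every output paid to start_address through all later spends.

    Returns (tainted_addresses, traversed_txids). Because each input names one
    outpoint, every hop is unambiguous: this is what makes the Bitcoin trail
    'visible' to an investigator.
    """
    spent_by = {}  # (txid, vout) -> txid of the transaction that spends it
    for txid, tx in ledger.items():
        for outpoint in tx["inputs"]:
            spent_by[outpoint] = txid

    frontier = deque(
        (txid, vout)
        for txid, tx in ledger.items()
        for vout, (addr, _amt) in enumerate(tx["outputs"])
        if addr == start_address
    )
    tainted_addrs, visited_tx = set(), set()
    while frontier:
        spender = spent_by.get(frontier.popleft())
        if spender is None or spender in visited_tx:
            continue  # unspent so far, or already expanded
        visited_tx.add(spender)
        for vout, (addr, _amt) in enumerate(ledger[spender]["outputs"]):
            tainted_addrs.add(addr)
            frontier.append((spender, vout))
    return tainted_addrs, visited_tx


# Constructed ring-signature ledger: outputs are opaque one-time keys; each input is a
# ring (list of outputs) of which only one is actually spent, and the chain does not say which.
XMR_LEDGER = {
    "m1": {"inputs": [], "outputs": ["o1", "o2", "o3", "o4"]},
    "m2": {"inputs": [["o1", "o2", "o3"]], "outputs": ["o5"]},  # ring of 3: o1 or a decoy?
    "m3": {"inputs": [["o2", "o4", "o5"]], "outputs": ["o6"]},  # ring of 3 again
}


def trace_forward_ring(ledger, start_output):
    """Forward walk over a ring-signature ledger.

    A ring that contains a tainted member *might* be spending it, so taint propagates
    to the transaction's outputs, but only with probability (tainted members / ring
    size) under a uniform prior over ring members. Returns {output: confidence}.
    Terminates because a real ledger is acyclic (outputs exist before they are spent).
    """
    confidence = {start_output: 1.0}
    changed = True
    while changed:
        changed = False
        for tx in ledger.values():
            for ring in tx["inputs"]:
                p = sum(confidence.get(o, 0.0) for o in ring) / len(ring)
                if p == 0.0:
                    continue
                for out in tx["outputs"]:
                    if confidence.get(out, 0.0) < p:
                        confidence[out] = p
                        changed = True
    return confidence


if __name__ == "__main__":
    print("BTC taint from ransom_addr:", trace_forward(BTC_LEDGER, "ransom_addr"))
    print("XMR candidates from o1:", trace_forward_ring(XMR_LEDGER, "o1"))
```

On the Bitcoin-style ledger the walk from `ransom_addr` lands with certainty on `exchange_deposit`, exactly the kind of off-ramp where a subpoena can attach a name. On the ring-signature ledger the best an analyst can say is that `o6` descends from `o1` with confidence 1/9 after just two hops with two decoys each; real Monero rings are larger, so the confidence collapses faster, which is the "end of the road" Jakubcek describes.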
“BTC will be removed”
Per the report, the hackers behind Sodinokibi announced the switch to Monero in a post on a hacker and malware forum, explicitly stating that it was meant to make it harder for law enforcement to track the money. The announcement reads:
“In this regard, we inform you that after a while the BTC will be removed as a payment method. Victims need to begin to understand the new cryptocurrency, as well as other interested parties who work with us.”
In fact, the Sodinokibi payment site already steers victims away from Bitcoin by charging 10% more when the ransom is paid in BTC than in XMR. The group is also looking for partners who would obtain decryption for victims at a discount and then resell it to them with their own surcharge.
Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told Cointelegraph that the use of privacy coins for ransomware payments is less common than many would expect. He also said he would not be surprised if other ransomware groups followed suit:
“While there are some instances of demands being made in alternative currencies, this will be the first time that a major ransomware group has settled on a currency other than Bitcoin. Like other businesses, criminal enterprises adopt strategies that have been proven to work and, accordingly, if this switch proves successful for REvil, we’d expect to see other groups begin to experiment with demands in currencies other than bitcoin.”
Ransomware attacks are a growing threat
Many consider ransomware developed and distributed by well-organized cybercrime groups to be the biggest current cybersecurity threat. As Cointelegraph recently reported, a U.K.-based firm paid hackers almost $2.3 million in Bitcoin after being infected with Sodinokibi.
Many fear that the current coronavirus pandemic will exacerbate the consequences of successful attacks on healthcare providers. In an attempt to reduce the danger, Microsoft recently notified hospitals that it found to be vulnerable to ransomware attacks.